CLAIMS 



What is claimed is: 

1. A method for authentication in a network, the method comprising: 

creating a credential string which is derived from a session ID;

sending a UserID associated with the session ID and the credential string to a
software application;

receiving a confirmation request which includes the credential string; and

sending a response in reply to the confirmation request to validate the
credential string to authenticate the UserID.

2. The method of claim 1, further comprising the step of maintaining a password at a
portal and not sending the password to authenticate the UserID.

3. The method of claim 2, wherein the credential string is an encrypted hash of the 
session ID. 

4. The method of claim 1, further comprising the steps of: 

performing a lightweight directory access protocol (LDAP) lookup using the
UserID; and

if the LDAP lookup confirms the UserID and the response validates the
credential string, returning a successful authentication reply to the software application
for establishing a session associated with the session ID, otherwise sending an
unsuccessful authentication reply to the software application.

5. The method of claim 1, wherein the sending of a UserID and the credential string
avoids at least one of sending a user's password outside of a portal server and storing
the password in persistent memory.

6. The method of claim 1, further comprising the steps of: 

sending the UserID associated with the session ID and the credential string to
a software application proxy;

checking whether the session ID and credential string has been previously 
received within a predetermined time period; and 

if affirmative, initiating a security breach procedure. 

7. The method of claim 6, wherein the security breach procedure causes the
termination of any session associated with the UserID.

8. The method of claim 1, wherein the receiving step and sending a response step is 
performed by an authentication proxy. 

9. A method for authenticating a user request for a software application, the method
comprising:

receiving a UserID and credential string at an authentication proxy server;

sending a confirmation request from the authentication proxy to a portal, the
confirmation request includes the credential string;

receiving a response at the authentication proxy for the confirmation request;
and

validating the UserID using a lightweight directory access protocol (LDAP)
lookup request and the response.

10. The method of claim 9, further comprising providing a confirmation to the
software application if the response is affirmative and the UserID is authenticated by
the LDAP lookup.

11. The method of claim 9, further comprising creating the credential string from a
session ID at the portal.

12. The method of claim 11, further comprising encrypting the credential string.

13. The method of claim 12, further comprising validating the confirmation request by
assuring that the credential string has been received only once for confirmation at the
portal, otherwise, if presented more than once, performing at least one of initiating a
security breach procedure and notifying a software application proxy.

14. The method of claim 9, further comprising receiving the UserID and a password
during a logon to the portal, wherein the UserID is validated in the validating step and
the password is maintained at the portal and used to process the confirmation request.

15. A system for authenticating a session, comprising:

an authentication proxy which receives requests to authenticate a UserID and
credential string; and

a credential string validation component which receives requests to validate
the credential string,

wherein the credential string validation component checks whether the
credential string has been previously received for validation within a predetermined
time period.

16. The system of claim 15, wherein the authentication proxy performs lightweight
directory access protocol (LDAP) lookups using the UserID and sends the credential
string to the credential string validation component and receives a validation reply.

17. The system of claim 16, wherein the authentication proxy sends an affirmative
authentication reply to a software application when both the LDAP lookup is
successful and the validation reply indicates a valid credential string.

18. The system of claim 17, wherein the authentication proxy receives the UserID and
credential string from a software application.

19. The system of claim 15, further comprising a software application proxy which
receives the UserID and credential string and detects whether the UserID and
credential string has been previously received within a predetermined time period.

20. The system of claim 19, further comprising a portal to create and encrypt the
credential string by hashing a session ID, the portal sends the credential string and the
UserID to the software application proxy, and does not send a password associated
with the UserID.

21. The system of claim 15, further comprising:

a portal for accepting a logon by a user and for creating the credential string
from an associated session ID;

a lightweight directory access protocol (LDAP) directory for authenticating
UserIDs and which is accessible by the authentication proxy; and

a software application proxy for intercepting the UserID and credential string
sent by the portal for monitoring duplicate occurrences of the UserID and credential
string.

22. A computer program product comprising a computer usable medium having
readable program code embodied in the medium, the computer program product
including at least one program code to:

create a credential string which is derived from a session ID;

send a UserID associated with the session ID and the credential string to a
software application;

receive a confirmation request which includes the credential string; and

send a response in reply to the confirmation request to validate the credential
string to authenticate the UserID.
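
The flow recited in claims 1, 4, 6, 7 and 13, as an added Python sketch that is not code from the patent. Assumptions: HMAC-SHA256 stands in for the "encrypted hash of the session ID", a Python set stands in for the LDAP directory, and the names `Portal`, `confirm` and `authenticate` are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

class Portal:
    """Keeps passwords and sessions; only UserID + credential string leave it."""

    def __init__(self, window_seconds=300):
        self._key = secrets.token_bytes(32)  # keyed-hash key, held only by the portal
        self._sessions = {}                  # session ID -> UserID
        self._seen = {}                      # credential string -> time first confirmed
        self.window = window_seconds         # the "predetermined time period"

    def _derive(self, session_id):
        # Assumption: HMAC-SHA256 in place of the claims' "encrypted hash".
        return hmac.new(self._key, session_id.encode(), hashlib.sha256).hexdigest()

    def logon(self, user_id):
        # Password verification is assumed to have already succeeded at the portal.
        session_id = secrets.token_hex(16)
        self._sessions[session_id] = user_id
        return user_id, self._derive(session_id)

    def confirm(self, credential, now=None):
        """Answer a confirmation request with (status, owning UserID or None)."""
        now = time.time() if now is None else now
        owner = next((u for s, u in self._sessions.items()
                      if hmac.compare_digest(self._derive(s), credential)), None)
        first = self._seen.get(credential)
        if first is not None and now - first <= self.window:
            # Security breach procedure: end every session of that UserID.
            self._sessions = {s: u for s, u in self._sessions.items() if u != owner}
            return "replay", owner
        if owner is None:
            return "invalid", None
        self._seen[credential] = now
        return "valid", owner

def authenticate(portal, directory, user_id, credential, now=None):
    """Authentication proxy: succeed only if the portal and the directory agree."""
    status, owner = portal.confirm(credential, now)
    # Binding the owner to the presented UserID is an added check, not in the claims.
    # `user_id in directory` is a stand-in for the LDAP lookup.
    return status == "valid" and owner == user_id and user_id in directory
```

As written, a credential string presented again after the window has elapsed is accepted once more unless the session itself has been ended, so the window should be at least as long as the session lifetime.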